[snip] I have a question concerning security of my file upload script. I'm using the php upload routines (move_uploaded_file,...) and variables ($_FILES) to upload images to a webdirectory. Everything works fine, meaning that I can upload images BUT only if I change the permission of the directory to which the uploaded images are moved to 777. I guess that this is not such a good thing from security point of view. So here are some questions I have: [/snip]
You should be relatively safe, and you can probably lower the permissions to 766 (world-writable drwxrw-rw-) and still be able to upload. Also, check the owner and group of the file, should be something like nobody nogroup or nobosy nobody. Your web server should be operating as nobody which also increases security as nobody can really do too much if set up properly. Your web host is familiar with all of these issues, so you should be OK. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
